You cant catch

what you cant see

Server Activity Surveillance:
www.heyce.com
About Heyce
Heyce Technologies is a diversied security and automation devices
manufacturing company, focused on revolutionizing critical data security
mechanisms and automating information recording.
As a world leader in automation technology, we integrate technologies and
design into customer-centric solutions, based on elemental customer insights,
incorporating latest market trends & demands.
Heyce Technologies manufactures industry leading security solutions by
integrating innovative and cost effective user identication techniques
that deliver beyond customer expectations. Heyce Technologies smart
and modern innovations have been deployed and effectively used by every
industry verticals ranging from government, semi-government, banks,
manufacturing industries, automobiles, police, military, armed forces, airlines,
telecommunications, shipping, hospitals, real estate, service providers, hotels,
system integrators, to name a few.
We shall remain committed towards environmental sustainability by meeting
the needs of today without compromising the ability of future generations to
meet their own needs.
Smart User Activity Recording
with Video Content Analysis
Record, Replay, Stream and Search All User Sessions
ObserveITs session recording system captures video of all on-screen activity while users work in Windows, Unix / Linux and desktops
with the most advanced technology available. ObserveIT records the activities of remote vendors and internal privileged users, in every
application and system area. This allows PCI / HIPAA auditors, system administrators and IT troubleshooters to replay any session, as if
someone had been standing over the users shoulder with a video camera in hand.
Video Activity Analysis
We understand that you don't have the time to watch long & boring Hollywood movie length video of system administrator's sessions.
ObserveIT goes far beyond simply recording such on-screen activities. The software transcribes every session into an easy-to-read
summary so that watching the video isnt necessary to know what the user did .Clicking on any particular event in the summary launches
the video playback from that exact moment.
Furthermore, detailed session data is immediately available for free-text keyword searching.
You can search for:
Names of applications run Text typed, edited, pasted, selected, etc.
Titles of windows opened Commands and scripts run
URLs accessed Checkboxes clicked and much more.
Every resulting search hit is linked directly to the portion of the video where that action
occurred! This makes it incredibly easy to nd the exact moment that an action was
performed from among thousands of hours of video.
Zero-Gap Recording
ObserveIT records and analyzes user activity in every application, Web page and system area, over any connection protocol
(RDP, SSH, Telnet, ICA, direct console login, etc.). ObserveIT records sessions in Citrix published applications, Citrix virtual desktops and
VMware environments, as well as stand-alone Windows, Unix, Linux desktops and servers.
No other product on the
market offers these must-
have user auditing features!
ObserveIT - Redene User Activity Recording
Do you share Privileged User Accounts?
Statistics show that an alarming 71% of data breaches and system failures involve
usage of Privileged User credentials. The trouble caused by a privileged user or the
generic Administrator is untraceable due to the generous sharing of usernames and
passwords among trusted IT users in most companies. If you have this problem or are
unaware its occurrence, continue reading
Our Solution: ObserveIT addresses this major unease by implementing Secondary
Authentication of Privileged User Accounts. No more nger pointing on who did
what and wondering what was the probable cause of outage.
Do you have remote third party vendors accessing
your Servers?
Dependability on third-party solution providers is unavoidable as they are
responsible to manage system development, deployment and related support. To
perform this role, the vendors require privileged access to corporate networks using
remote applications. What steps have you taken to ensure sensitive information
protection during such remote access?
Our Solution: ObserveIT records and provides precise replay of exactly what took
place during each remote user session. As soon as vendors discover that all actions are
being recorded, they realize the accountability for their actions. Vendor management
thereby becomes a very easy task with ObserveIT.
Log analysis available, right? But have you
investigated on the possible loopholes?
We are aware that windows event viewer logs most of the events. But hold on, by
looking at event viewer data, can we analyze what was done few minutes ago? SIEM
technology tool analyses these events to produce technical debug logs. But what about
applications that do not generate logs? Example, admin tools like Registry Editor, SQL
Manager, Toad, Network Cong etc.; desktop applications like Firefox, Chrome, IE, MS
Excel, Word, Outlook, Skype etc.; remote & virtualization applications such as Remote
Desktop, VMware vSphere etc.; text editors such as vi, Notepad etc. do not produce
any logs.
Our Solution: ObserveIT not only generates human understandable textual logs for
applications with and without logs, but also attaches related video to them, thereby
avoiding all usual blind-spots that render traditional log analysis tools inadequate.
Are your compliance norms met?
Corporate compliance controls require documentation of exactly what takes place
on each critical server, and also to be able to explain why every action was necessary.
Compliance is about people and to make sure that you know every action that people
do which impacts sensitive data.
Our Solution: ObserveIT offers the following benets for Security Compliance
Regulators:
Audit people, not just apps - Cover actual user activity, not just the resulting data
impact. Provides precise root cause analysis
Total application coverage - Flexible solution that is agnostic to application and
protocol, eliminating need for app-specic solutions
We grow with your growth - We cover your needs even as you add new
applications to your production environment
Reduced costs and ease of use - Lower resource commitment for generating
compliance reports: Less effort, with faster turnaround time
Bulletproof - Unequivocal audit trail of user activity, guaranteeing authentication
and non-repudiation
Precise user identication - Tie each activity to a specic user, including identity of
generic "administrator" users

Salient Features
Complete Control
Record, Replay, Stream
Effective Identity Management
Active Vendor Management
Real Time Playback
Cutting-edge Scalability
Multi-Platform Support (Including
Windows, Linux, Unix, Citrix, VMWare)
SIEM Integration
System Monitor Integration
Ticketing System Integration
Comprehensive Security
Dual Password Session Playback Privacy
Granular User Permission
Identity Theft Detection
Active Watchdog Mechanism
Effective Analysis
Video Activity Analysis
DBA Activity Audit
Threat Detection
Customized Recording Policies
Detailed Logging
Intelligent Audit Logs
Advanced Key-logging
Generate Logs for Applications without
Logs (E.g. Notepad, SQL Manager,
Registry Editor Etc.)
Advanced Reporting
Automated Report Generator
Fully Customizable Reports
Policy Messaging
Lower Cost with Rapid ROI
No Additional Hardware
Cost-effective Deployment Scenarios
No Changes in Existing IT Infrastructure
Easy Implementation
Relatively Small Footprint
Increased Productivity due to Decrease
in System Availability Issues
No time to watch videos?
Having recorded video of all on-screen activity is important, but what makes it really valuable is having a quick and easy way to nd exactly what
you are looking for in any video and across all recorded videos. Trying to nd one important moment within hundreds of hours of video is worse
than trying to nd a needle in a haystack.
Our Solution: ObserveIT provides priceless video activity analysis. Along with the screen video, ObserveIT has sophisticated capabilities to
generate textual activity data of visible every action performed by users via mouse or keyboard including information about the context in
which they occurred.
To sum up, it is just logical and prudent to entrust the optimum utilization of your network
with no compromise on security.
Verizon Report
Discovery methods
This report shows that only 1% of overall data breaches are discovered by log analysis! Why?
Because system logs are built by DEVELOPERS for DEBUGGING and not by SECURITY ADMINS for SECURITY AUDIT.
ObserveIT gives you human readable textual logs with related videos attached to it!
y
This report shows that only 1%of overall data breaches are discovered by log analysis! Why?
Top 20 threat actions by victim region across 47,000+ security incidents
As the report shows, highest number of security incidents occurred in EMEA!
p y g y
As the report shows highest number of security incidents occurred in EMEA!
What does ObserveIT record?
Login to application
Delete le
Change password
Start SAP transaction
View Customer Detail
page in CRM
Open specic URL
Access shared folder
Edit system les
Change OS setting
Send Email
Run a query on SQL Server
or Oracle Database
Download le from the internet
Capture a printscreen image
Send les to FTP Server
Open Visual Studio
to change source code
and more...
See exactly what users are doing!
With so many privileged
vendors accessing our
servers, it can be difcult
to keep an eye on whos
doing what.
Isaac Milshtein, Pelephone
Solution Benets
Bulletproof Legal Evidence - Reduce the risk of misaligned client-vendor
interests by capturing bulletproof legal evidence of all vendor activity. Video
replay can be used during litigation or to eliminate the need for legal action.
Third Party Monitoring - Know exactly what 3rd party vendors are doing on
your servers. Improve security and ensure transparent billing validation.
Compliance Report Automation - Track every access to corporate servers and
databases, with detailed usage reporting and total application coverage.
Managed Services Monitoring - Transparent accountability reporting of all
outgoing support sessions provides provable SLA validation and decreased
support costs.
Root Cause Analysis - Achieve fast troubleshooting when you discover the root
cause of system cong changes. Establish business intelligence with focused
navigation and video playback.
OEM Software Integration - Add session recording features to your own
commercial software products or custom enterprise applications.
Who Benets from ObserveIT?
Even though the benets of ObserveIT are immeasurable, we list a few general utilization arenas...
Compliance Ofcers can incorporate ObserveIT in their reporting process
IT Managers can streamline troubleshooting
ISVs can integrate ObserveIT into their software products, to add screen recording functionality
Managed Services providers can embed ObserveIT into their IT service offerings, to strengthen reliability and SLA
What you will miss without ObserveIT:
Precise indication of changes within les
E.g. File system audit shows that web.cong
was changed. ObserveIT shows exactly which
key was edited: DBA changed the connection
string key.
System changes driven by UI action
E.g. A single checkbox in a properties window
can generate dozens of changes in multiple
cong les. ObserveIT shows the exact action
that caused the change, not the reverse-
engineering of le changes.
Copy / Export / Screen Capture
E.g. ObserveIT captures every on-screen activity,
including copy / paste.
ObserveIT Feature List
Record & Replay Windows, Unix and Linux Sessions - Exact video playback of every
session, including mouse movements, UI interaction, command line interaction, text entry and underlying
system calls. Simple playback and navigation of recordings.
Privileged User Identication - Add additional level of system access control for sensitive
resources. Require shared-id users (e.g. administrator) to add secondary login credentials.
Manage users locally or tie in to Active Directory.
Intelligent Metadata Text Log - Captures details about each user action: Application name, User
name, Server, Window title, File or Resource accessed, underlying system calls. Interactive drill down and fast
navigation eliminates the need to replay hours of video to nd what you need.
User Messaging - Send policy and status updates to each user exactly as they log in,
ensuring that corporate standards are understood and acknowledged.
Real-time Playback - Session recordings are immediately available once session begins.
View session activity "on air", while users are still active.
API Interface - Control the ObserveIT Agent via scripting and custom DLLs from within your corporate
applications. Trigger recording activity based on process IDs, process names or web URLs.
Report Generator - Use our pre-built audit reports, or create your own custom reports.
Schedule reports to run automatically for email delivery, or run ad-hoc and export to Excel or XML.
Complete Coverage - Agnostic to network protocol and client application. Captures all remote
and console sessions: SSH, Telnet, Terminal Services, Citrix, Remote Desktop, PC-Anywhere, VMware,
VNC, Dameware and more.
System Monitor & Ticketing System Integration - Instant replay from within network
management (SCOM, Unicenter, Tivoli, OpenView and more). Real-time alerts on any user action (le access,
network share, registry edit, URL access), Ticketing System Integration etc.
Robust Security - Agent-Server encryption, Digital Signatures and Watchdog mechanism ensure
the highest security and reliability.
Recording Policy Rules - Granular include / exclude policy rules to set recording rules per server,
user / user group or application.
Pervasive User Permissions - Granular permissions and access control affects all content access,
satisying all regulatory requirements.
Small Footprint - Ultra-efcient data storage: Less than 250GB/year for high-usage, 1000 server
environment. Minimal Agent CPU utilization: 0% CPU when no console active, 1%-2% CPU,
10 MB RAM during session).
How ObserveIT Works
Identify: ObserveIT identies all remote and terminal users
As soon as a user starts a session (using any connection protocol), ObserveIT identies the precise user id. Shared
users (e.g. "administrator") must provide secondary credentials of a specic named user.
Record: ObserveIT records every user action
ObserveIT captures a video recording of every user action. Exact visual capture of each UI action is recorded,
plus textual metadata info about each action. Each change in UI appearance generates a new image capture.
Metadata captured includes application names, les and resources affected and more.
Report: ObserveIT produces pre-built and customizable compliance reports
Authorized users can access the audit recordings any way they wish. Ad hoc searching for relevant sessions,
automated canned reports, textual summaries and full video replay are at your ngertips.
ObserveITs Unique Advantage:
Video + Metadata places all the intelligence at your ngertips
ObserveIT lists every user session
Exact video playback
Within each session, details of
every action taken
For each command, a detailed
list of system calls
List of each user
command
Exact video playback of
command prompt screen
Windows Session:
Metadata + Video
ObserveIT captures Window ttle,
Applicaton name, les opened,
URL accessed, UI element
selecton and text entry
Unix/Linux Session:
Metadata + Video
ObserveIT captures shell logins, including
all command line activity and system calls.
(if user types rm*, ObserveIT captures
each le name that is deleted.
ObserveIT Architecture
The ObserveIT Agent is installed on each monitored server. The Agent captures data (screenshot and
metadata) for every user action. Metadata includes info on the state of the operating system and the application
program being used, which allows ObserveIT to precisely identify what the user is doing. By default, the Agent
communicates with the Management Server via TCP port 4884. All content is encrypted. The Agent architecture
includes a Watchdog service to prevent it from being shut off.
The ObserveIT Management Server is an ASP.NET application in IIS that collects all data delivered
by the Agents, where it is analyzed and sent to the Database Server to be stored and indexed. The Management
Server communicates with the Agents for every conguration update. It also can integrate easily with LDAP for
user validation, with SIEM to link video replay from within textual log le listings and with Network Management
systems to allow system alerts and updates based on user activity.
The ObserveIT Web Console is an ASP.NET application in IIS that serves as the primary interface
for accessing information (video replay, reporting, etc.) in ObserveIT. It is also used for conguration and
administration tasks. Cong data is also stored in the Database Server. The Web Console includes granular policy
rules for limiting access to sensitive data.
The Database Server is a Microsoft SQL Server database that stores all conguration data, metadata
and screenshots captured by ObserveIT Agents. Both the Management Server and Web Console apps
connect via standard TCP port 1433.
Each of the three server applications can be installed on a single machine or distributed for performance and
security considerations.
Deployment Scenarios
ObserveIT can be deployed in a number of different methods, as highlighted below.
The different methods are not mutually-exclusive, allowing for a hybrid deployment
when desired.
Standard Agent-based Deployment
(Servers and Desktops) (Fig: 1)
The standard method of deployment involves deploying the ObserveIT agent
on each machine to be monitored.
An agent is installed on each machine that is being monitored, which captures
activity on the machine and feeds the video / log data to the management
server.
Jump Server Gateway (Fig: 2)
In this scenario, the ObserveIT Agent is only deployed on a gateway machine.
Users are routed via this gateway, and thus ObserveIT still records all user
sessions in which the user connects through to another target machine via RDP,
SSH or other protocol.
ObserveIT does not record any user session in which a user logs on directly to the target
machine (via local console login, or via direct RDP/SSH/etc. window that isnt routed via
gateway.) Also, the amount of textual metadata captured is less than that for a full agent
deployment scenario, due to the fact that the ObserveIT Agent on the gateway does not have
access to OS specic info on the target machine. (e.g. Cannot see the name of a le opened
within an RDP window.)
Citrix Server for Published Applications (Fig: 3)
The ObserveIT Agent can also be deployed on a Citrix Server, in order to
record all activities that take place within published applications served by
the Citrix machine.
Hybrid Deployment: Agent-based + Gateway (Fig: 4)
ObserveITs allows you to deploy any combination of these architectures
simultaneously. A gateway can be used for full network coverage, providing
an audit of all activities for the majority of users who are routed via the
gateway. Then, agents can also be deployed on specic sensitive servers
that require a more detailed audit, including any logins performed by
highly-privileged users who have direct access to the machine.
Citrix
Server Server
ObserveIT
Agent
ObserveIT
Management Server
Published Apps
Remote
Access
Fig: 1
Fig: 2
Fig: 3
Fig: 4
A Selection of ObserveIT Customers
"As soon as vendors discovered that all actions are being recorded, it became much easier to manage them."
Moti Landes
IT Div. CISO
"Not only was ObserveIT able to record every single user session on the servers, the recordings are also fully indexed, allowing me
to zoom in on areas of interest."
Robert Ng
Siemens
"To be able to keep track of what admins have done and why, the product is amazing. Trust and be able to verify is essential approach
in IT work in these times."
Timo Knuutila
Pro-Support Enterprise Senior Technical Analyst at Dell
"We used ObserveIT to monitor administrator activity. We started with a few agents then when we saw the product kept the
promises made, we delivered ObserveIT to our entire server farm. Nowadays compliance is really a challenge, ObserveIT helps on
transforming the challenge in to a successful story."
Gianfranco Ballerini
ICT Infrastructure Manager at ING Lease
DUBAI: Tel. : +971 4 238 4895 Fax : +971 4 238 4896
JEBEL ALI: Tel. : +971 4 887 3884 Fax : +971 4 887 3886
Email: observeit.mena@heyce.com Web : www.heyce.com
Security Camera For Your Servers